Microcash: Efficient Off-Line Small Payments

An off-line electronic cash scheme is proposed that is suitable for small payments. The approach is innovative, in that each coin may be efficiently verified by the same or different merchants during payment. The scheme relies on a batch signature technique to efficiently sign and verify individually spent coins; coins may also be deposited in batch manner. The scheme outlined differs considerably from conventional micropayments schemes by servicing a number of cash-like properties, such as off-line processing, detection of double spent coins, and ability to spend at different merchants. Additionally, the scheme eliminates a number of processing overheads that are apparent to some existing micropayment schemes

Guarantees for Customers of Incentive Anonymizing Networks

We raise and propose solutions to the problem of guaranteeing that a user of incentive remailing services for anonymization cannot lose money if he does not get full service, i.e., if his message does not reach its destination. Applications such as voting over the Internet or reviewing of articles require anonymous delivery of messages. An anonymizing technique was proposed several decades ago by Chaum and is based on a group of volunteer agents called {\em mixnet}. However, mixnets are not yet widely known and used today, and one often mentioned reason is the lack of incentives for volunteers. A recently proposed solution is based on adding digital coins to messages, such that each volunteer can extract only the digital coin designated as a payment for her. However, registered volunteers can sabotage the system by extracting and using their coins without performing their task --- which consists of forwarding anonymized messages. The main improvement we propose is to guarantee that no money is lost by the user without getting his message at the destination. This is an essential property for a viable service. Solutions described are based on handshaking mechanisms where each volunteer gets her payment (or key to decrypt the payment) from the agent to which she is expected to forward the message, or from the destination using a public board or a reply message. This ensures that a volunteer gets her financial support only if she fulfills her task. We discuss how techniques for non-repudiation of receipt of a message, together with reputation systems, can address the remaining problems

Off-Line Electronic Cash Based on Secret-Key Certificates

An off-line electronic coin system is presented that offers multi-party security and unconditional privacy of payments. The system improves significantly on the efficiency of the previously most efficient such system known in the literature, due to application of a recently proposed technique called secret-key certificates. By definition of secret-key certificates, pairs consisting of a public key and a matching certificate can be simulated with indistinguishable probability distribution. This allows a variety of polynomial-time reductions from a well-known signature scheme to the cash system. In particular, the withdrawal protocol can be proved to be restrictive blind with respect to one account holder, relying only on a standard intractability assumptio

One-Time Delegation of Unlinkable Signing Rights and Its Application

Delegation of signing rights can be useful to promote effective resource sharing and smooth cooperation among participants in distributed systems, and in many situations, we often need restricted delegation such as one-timeness and unlinkability rather than simple full delegation. Particularly, one-timesness cannot be achieved just by deploying cryptographic measures, and one needs to resort to some form of tamper-proofness or the assistance from external cloud servers for ``key-disabling\u27\u27. In this work, we extend the latter such that a delegatee can sign a message without the delegator\u27s involvement with the assumption that there exists at least one honest cloud server with secure erasure to achieve one-timeness. In this setting, if the delegator just shares their signing key between the delegatee and cloud servers, it may be problematic. It is because in the worst case, the delegator cannot know whether or not a signing key theft occurred because the signatures generated illegally are indistinguishable from the ones generated legally. To solve this, first we propose an efficient one-time delegation scheme of Okamoto-Schnorr signing. Further we combine the basic delegation scheme with anonymous credentials such that the delegator can detect the signing key theft even if one-time delegation is broken while also achieving unlinkability for both the delegator and cloud servers. Further we show its application to an e-cash scheme, which can prevent double-spending

Système électronique de transport, transfert et d'échange numérique de valeurs

Les transactions numériques sur des réseaux électroniques de communications -- Le transfert numérique de valeurs -- Le système tranzix -- Impacts socio-économiques potentiels